AI Policy Generator

Answer a few questions and get a practical internal AI usage policy you can copy or download. Everything runs in your browser — your answers are never stored or sent to a server.

Preview

AI Usage Policy

This is a simple, practical guide to using AI tools safely at work. It explains what's OK, what to avoid, and when to ask for help.

1. Purpose & Scope

This policy applies to all employees and contractors who use generative AI tools for work in our professional services / consulting business. It covers the approved AI tools listed below and any similar tools used for company work.

2. Approved AI Tools

The following tools are approved for use under this policy:

  • ChatGPT

Using a new AI tool that is not on this list should be approved first (see Tool Approval).

3. Approved Uses

Employees can use approved AI tools for:

  • Marketing & content writing
  • Internal documents & summaries

4. Restricted & Prohibited Uses

The following uses need to be avoided unless specifically approved:

  • Any use involving sensitive, regulated, or confidential data without approval.

AI need to not be used to make final decisions about people (hiring, termination, credit, or similar) without human judgment.

5. Data Input Rules

Our data sensitivity level is Medium — some internal or business-confidential data. When using AI tools:

  • Do not enter passwords, API keys, or other credentials into any AI tool.
  • Do not paste confidential contracts or legal documents into AI tools without approval.
  • Do not enter customer or employee personal information unless the tool is approved for it.
  • Remove or redact names, account numbers, and identifiers before using AI where possible.

6. Human Review

Review requirement: For anything customer-facing or external.

Any AI-generated content that is customer-facing or shared externally must be reviewed by a person before it is sent or published. The person who uses AI output is responsible for its accuracy.

7. Tool Approval Process

Before adopting a new AI tool, check who the vendor is, what data it stores, whether business terms are available, and who owns the output. A manager should approve the tool before it is used for company work.

8. Incident Reporting

If sensitive data is entered into an AI tool by mistake, incorrect AI output reaches a customer, or an unapproved tool is used, report it to your manager promptly so it can be handled.

9. Employee Responsibilities

Employees need to follow this policy, protect confidential information, review AI output before relying on it, and ask before using AI in a new or uncertain situation.

10. Review Cycle

This policy should be reviewed at least every 6 months, and whenever new AI tools are adopted or new risks emerge.


This policy provides practical operational guidance for AI usage management. It is not legal advice and does not guarantee regulatory compliance. Review it with qualified professionals where appropriate before adopting it.

Need the full internal policy set?

The AI Governance Starter Pack includes 12 ready-to-use templates — employee guidance, approval and review checklists, incident response, and more — as editable Word, PDF, and Excel files.